Digital Security & Fraud Prevention

Protect your wealth against fraud

Protect your wealth against fraud

To protect you and your wealth from fraud, please pay attention to these few simple precautions.

Top Security Tips
  • Citibank staff and the police will never ask for your account number, Citibank user ID or password, ATM Card/Credit Card Personal Identification Number (PIN), account balance and identity card/passport number or other sensitive information. Keep your password and PIN secret and do not disclose them to anyone including Citibank staff.
  • Never provide the One Time Password (OTP) that is sent to your mobile phone to anyone, including people claiming to be from Citibank.
  • Always secure your security credentials, such as One-Time Password (OTP), PIN, User ID and Password, card number, CVV codes, account numbers, unlock code and other personal information. Ensure no one is watching while you key in or listening while providing sensitive information for verification. Citibank will never email you asking for the above sensitive information. Never reply to any emails that ask you submit sensitive information.
  • When accessing Citibank Online, always check that the citibank website has a valid certificate marked to Citigroup Inc (US). We recommend that you enter the bank's address (e.g. citibank.com.hk) in your browser URL field to access and login to your account.
  • Always log off your online session. Do not just close your browser. Follow the logoff instructions to ensure your protection.
  • Do not use a shared computer or mobile phone/ mobile device that cannot be trusted for Online and Mobile Banking.
  • Be alert to phony "look alike" websites, or fraudulent e-mails and SMS that contain an embedded hyperlink. These may appear to come from a trusted business or friend, but are actually designed to mislead you into opening a fraudulent website and exploiting the computer or mobile phone system. Do not reply, click on the hyperlinks or input any sensitive information. To ensure safe and secure online banking access, strongly recommended to type in the URL begins with https directly in the address bar.
  • Never disclose your personal data or bank account details to unsolicited callers or pre-recorded voice message phone calls requesting such information. If you have received suspicious calls purporting to be from Citibank, please notify us immediately by calling our dedicated hotline at (852) 2860 0370 to verify the caller’s identity.
  • Always check SMS alerts from Citibank and check your banking transactions on regular basis for any unauthorized transactions. Contact us immediately should you encounter any difficulties, unauthorised transactions or irregularities.
  • Update your latest and valid personal details with the bank, such as mobile phone number to ensure correct correspondence for charge confirmation when suspicious transactions appear.
  • If you have lost your HKID or Passport, kindly approach Police and Immigration to report loss and contact us to report the case immediately.
  • If you suspect that your statement or account details have been stolen or compromised, please contact us immediately to report the case.

Click here to learn more about digital security tips published by the Hong Kong Monetary Authority.

Online Banking
  • Ensure your operating system and browser has the latest antivirus programs and security patches applied. Schedule periodic scanning of systems.
  • Change your Online Banking password regularly, keep it confidential and hard to guess.
  • Safely log on to Citibank Online Banking by entering the homepage of Citibank Hong Kong www.citibank.com.hk into your browser, or bookmark the authentic website address for future use. Beware suspicious pop-up windows and do not use website address or links attached in any e-mail or found through Internet search engines to log on to Citibank Online Banking.
  • Install a personal firewall to help prevent unauthorized access to your personal computer, especially if you connect through a broadband connection, network router, cable or DSL modem.
  • Clear your browser's cache and history after each session to ensure your account information is removed, especially if you are using a shared computer.
  • Use the latest recommended Internet browser version, or one that supports 128-bit encryption. De-activate the "Auto Complete" function to prevent any Password, CIN and PIN from being stored. All data sent to and from Citibank is "scrambled" and "re-assembled" between Citibank and your personal computer to protect your personal and financial information. The highest level of encryption generally available today (128-bit) means there are two to the power of 128 possible combinations of "keys", but only one that will "unlock" the information.
  • Ensure the file sharing feature is disabled in your operating system while online, particularly if you are linked to the Internet through a cable, DSL modem, or network router.
  • Be cautious of your wireless connections security:

    • Set a personal and unique password for your wireless network.
    • Disable broadcasting your network name (SSID-Service Set Identifier).
    • Use encryption to protect your wireless network.
    • Use only registered machines for your wireless network.
  • Do not install software or run programs from an unknown origin.
  • Citibank will terminate your secure Citibank Online session after 15 minutes of inactivity. This prevents the unauthorized use of your session by anyone else.

Click here to learn more about the latest online banking fraud cases published by the Hong Kong Police.

Mobile
  • Install the latest security patches and software updates on your mobile phone/mobile device. Do not download program/apps from unsecured sources.
  • Read permission requests carefully when an app is installed. Stop the installation if they seem unusual or unnecessary to you.
  • Don’t root or jailbreak your device.
  • Use only known, trusted Wi-Fi networks.
  • Set up a password for your mobile phone. This will help you prevent unauthorized use of your mobile phone and access to your personal information in case it is lost or stolen.
  • Remove temporary files and the cache stored in the memory of your mobile phone regularly since they may contain sensitive information such as your account number.
  • Clear browsing history regularly.
  • Do not leave your mobile phone unattended.
  • Do not keep sensitive information such as your account numbers, PIN and logon passwords in your mobile phone.
  • If you have enabled Citi Mobile® Token but your phone is lost or stolen, you are strongly recommended to

    • Disable Citi Mobile® Token
      • Sign on Citibank Online www.citibank.com.hk
      • Go to Services > My Profile > Disable Citi Mobile® Token
    • And change your Citibank Online password immediately.
  • If you are opening or downloading your e-statement through a mobile,

    • Please do not open or download your e-statement through a shared mobile.
    • Recommend to save your e-statement PDF in the preferred location in your mobile. If you are uncertain about the security level of your mobile, you are also recommended to remove the saved e-statement after viewing it.
    • Please ensure proper log off after you have finished viewing e-statement and using Citi® Mobile. As such your personal data and financial information can be safeguarded.
ATM

To ensure your ATM banking sessions are secure, here are some simple security tips you should follow:

  • Beware of any foreign object/device attached to the ATM that appears unusual. The attached foreign object/ device may be a skimming device to compromise magnetic strip data & PIN.
  • Insert your ATM card into the card reader and remove it. Do not leave the card in the slot.
  • Do not allow anyone to see your PIN when you are keying it in. Ensure no one is looking over your shoulder.
  • Change your ATM card/credit card PIN upon receiving it.
  • Do not use the same ATM card/credit card PINs for accessing other services..
  • Never use ATM card & credit card PIN that can be easily guessed such as ID number, birthday or telephone number.
  • Change your ATM card & credit card PIN regularly.
  • If your ATM Card or PIN is lost or PIN has been identified by another person, please contact us to report the case immediately.
  • Click here to learn more about ATM security tips published by the Hong Kong Monetary Authority.

SMS


At Citi, we take protecting your account seriously. We created a video to show you we are constantly working to safeguard your account. Citi Fraud Early Warning will immediately alert you of any suspicious activity on your account by 2way SMS text messaging. You can confirm the transaction as genuine, and then can use your card again right away. If the transaction is not yours, we will reach out to you to stop future use of the card, identify any transactions that are fraud, and if needed, re-issue a new card. Please update your latest and valid personal details with the bank, such as mobile, home and work phone numbers to ensure correct correspondence for charge confirmation with suspicious transactions appear. Thanks for being a Citi card member and remember we are here to keep your card protected. Your Security is our Priority.

  • Citibank will send “2way Transaction Confirmation SMS” to you in the event of suspicious transactions, and allow you to confirm by replying to our SMS, protecting your interests. You can also contact us at (+852) 2860 0325 (Credit Card Service) | (+852) 2860 0330 (Banking Service ).
    To protect your interests and avoid unauthorized transactions, your banking account or credit card will be temporarily suspended in the event of the following:
    • Suspicious behavior/transactions detected
    • Failure to receive a reply from you regarding suspicious transactions
    • Your confirmation of an unauthorized transaction

    This SMS is available for Citibank credit card and/or banking account holders and sent from (852) 6115 1702. SMS charge may apply. In the “2way Transaction Confirmation SMS” process, Citibank will not require you to disclose any account numbers, online banking passwords, ATM/Credit card PIN, account information and other sensitive information or install any program/apps.

  • Citibank will send SMS to you in the event of suspicious transactions. We will also send you one-time SMS OAC (Online Authorization Code) as a safety measure for your Online Banking transactions. Watch out for notifications sent by your telecommunication provider about activation of the SMS/Voice Call forwarding function of your mobile device. Check with your service provider and report any suspicious notifications if you haven't authorized the activation.
  • Enroll and receive real-time Citi Alerts SMS to receive real-time SMS alerts after making transactions, enabling you to detect any suspicious activity in your banking and credit card accounts. Real-time Citi Alerts include:
    • ATM Card Transaction Alert
    • Online Payments and Transfers Alert
    • Credit Card Transaction Alert.

    Citi Alerts Service is free of charge and covers a wide range of banking, investment and credit card services.
    Click here to learn more about Citi Alerts Service.

  • Delete sensitive SMS messages if they are no longer required.
  • Be caution of fake SMS pretend to be Citibank and request for transaction or personal information. If you suspect any spurious SMS, please contact our 24-hour CitiPhone Banking, your branch manager or take a screenshot (SMS) and send it to spoof@citicorp.com immediately.

Please take note of the following safe and secured SMS sender ID from Citibank:

Authorize SMS sender ID
85252830559
85252830597
85253800483
85253801530
85261151201
85261151702
85265248357
85265508770
85265560332
85265561430
85265569623
85265588593
85265601935
85265604340
85265604341
85265604766
85265606236
85265606307
85265606343
85296657688
85298600333
852649679210302
9665740503903
Email
  • Email attachments from unspecified or suspicious sources may be a virus or worm. Do not open any attachment unless you are sure it is safe.
  • Do not send sensitive personal or financial information unless it is encrypted on a secure website. Regular emails are not encrypted.
  • If you have provided sensitive information to a suspicious website, you should report it to the police immediately. If the website is purporting to be a Citibank site, please notify us right away.
  • We will not send emails asking for your personal information, your Citibank Online User ID and password or embedded hyperlinks that provide direct access to Citibank login page or mobile banking account without prior notification or necessary precautions to make before accessing hyperlink. To ensure safe and secure online banking access, strongly recommended to type in the URL begins with https directly in the address bar.
  • If you use a link in an email you have received from us, you can check the authenticity of the website you are accessing by checking the website SSL certificate information, such as company name, URL, certificate issuer, validation date, and encryption types, etc., to confirm that is the website you intend to access. You are advised not to click on any questionable hyperlinks embedded in emails or third party links, or open suspicious attachments.
  • Be caution of fake emails could be sent by someone you know or pretend to be Citibank and request for transaction or personal information. If you suspect any spurious emails , please contact our 24-hour CitiPhone Banking, your branch manager or forward the email as an attachment to spoof@citicorp.com immediately.

Please take note of the following safe and secured email address from Citibank:

Authorize Email address
citialerts.HongKong@citi.com
citibank@emailapps.apac.citi.com
citibank@emailapps.globalcommon.citi.com
clientservice.cbhk@citi.com
edelivery@edelivery.citi.com
edmprdhk@citi.com
hkfraudalert@citi.com 
hongkong.customer.service@citi.com
Credit Card

To prevent credit card fraud from happening, here are some measures you can take to protect yourself:

  • Sign on the back of your Credit Card the moment you receive it.
  • Keep an eye on your card when making transactions, to avoid any unauthorized person from gaining your Credit Card.
  • Review your monthly statements and report discrepancies immediately.
  • Inform your bank in advance of any address change.
  • Patronize only reputable websites when making purchases.
  • Enroll in the free Citi Alerts service to protect yourself.
  • Inform the bank in advance of your travel plans to help the bank validate Credit Card purchases incurred overseas.
Investment Services

Enhanced security measures for your online investment trading accounts

To comply with the latest Securities and Futures Commission (SFC) guidelines and offer you a safer and more secure environment for online investment trading services, effective July 22 2018, you will receive an email and/or SMS notification when accessing designated investment services or placing/executing relevant trades*, including i) Gold Manager Account, ii) Securities Trading Account and iii) Mutual Funds Account.

* If you currently unsubscribe the designated investment trade notification(s), you will be subscribed again automatically when the above measures are implemented. You are able to unsubscribe the alerts via Citibank Online subsequently given that you have acknowledged the risks involved in not receiving such notifications.

i. Accessing designated investment trading services via Citibank Online or Citi Mobile® According to SFC requirements, we must send the notification to you whenever your online investment account is accessed via Citibank Online or Citi Mobile®, as this is crucial to protect you from hacking risks associated with internet trading.
ii. Placing or executing a designated investment trade via Citibank Online or Citi Mobile® You are able to unsubscribe the alerts via Citibank Online given that you have acknowledged the risks involved in not receiving such notifications.

After July 22 2018, you can go to the respective pages below to manage your subscriptions for the notifications of placing or executing an online investment trade:

Designated investment services Where can I manage my subscriptions via Citibank Online?
Gold Manager Account For FX Spot Trading and Order Watching On Gold (XAU):
Log on to Citibank Online > Wealth Management > Currency exchange/trading > FX Alerts

For Payment and Transfer on Gold Transactions:

Log on to Citibank Online > Services > My Profile > Citi Alerts> Manage Alerts >Edit Alerts > Investment Alerts
Securities Trading Account Log on to Citibank Online > Wealth Management > Stock Trading > My Toolbox > Stock Alerts
Mutual Funds Account Log on to Citibank Online > Wealth Management > Mutual Fund > Alert
  • Citi Mobile® App makes banking more convenient
  • Overseas ATM withdrawal service. Activation in advance.